implement client cert auth
parent
d62787101d
commit
89dc74519f
13
auth.go
13
auth.go
|
@ -30,6 +30,8 @@ func NewAuth(paramstr string) (Auth, error) {
|
||||||
return NewStaticAuth(url)
|
return NewStaticAuth(url)
|
||||||
case "basicfile":
|
case "basicfile":
|
||||||
return NewBasicFileAuth(url)
|
return NewBasicFileAuth(url)
|
||||||
|
case "cert":
|
||||||
|
return CertAuth{}, nil
|
||||||
case "none":
|
case "none":
|
||||||
return NoAuth{}, nil
|
return NoAuth{}, nil
|
||||||
default:
|
default:
|
||||||
|
@ -177,3 +179,14 @@ func (_ NoAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
type CertAuth struct {}
|
||||||
|
|
||||||
|
func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
|
||||||
|
if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 {
|
||||||
|
http.Error(wr, "Forbidden", http.StatusForbidden)
|
||||||
|
return false
|
||||||
|
} else {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
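Review bot: CertAuth.Validate relies on `req.TLS.VerifiedChains`, which Go's crypto/tls only populates on the server side when the tls.Config sets `ClientCAs` and `ClientAuth` is at least `VerifyClientCertIfGiven`; `makeServerTLSConfig` is not in this diff, so whether passing `args.cafile` actually turns that on is an assumption worth stating next to the check. Note also that the check authorizes any certificate chaining to the configured CA without looking at the subject, which the exported type should document, e.g. `// CertAuth accepts any request that presented a client certificate verified against the server's ClientCAs; it does not inspect the subject.` and `// Validate rejects plain-HTTP and unverified peers with 403; VerifiedChains is only set when the tls.Config enables client verification.` Style-wise the `else` after the terminating `if` can go, leaving the happy path unindented: `if req.TLS == nil || len(req.TLS.VerifiedChains) == 0 { http.Error(wr, "Forbidden", http.StatusForbidden); return false }` followed by a bare `return true`.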
5
main.go
5
main.go
|
@ -26,7 +26,7 @@ type CLIArgs struct {
|
||||||
auth string
|
auth string
|
||||||
verbosity int
|
verbosity int
|
||||||
timeout time.Duration
|
timeout time.Duration
|
||||||
cert, key string
|
cert, key, cafile string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -39,6 +39,7 @@ func parse_args() CLIArgs {
|
||||||
flag.DurationVar(&args.timeout, "timeout", 10 * time.Second, "timeout for network operations")
|
flag.DurationVar(&args.timeout, "timeout", 10 * time.Second, "timeout for network operations")
|
||||||
flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")
|
flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")
|
||||||
flag.StringVar(&args.key, "key", "", "key for TLS certificate")
|
flag.StringVar(&args.key, "key", "", "key for TLS certificate")
|
||||||
|
flag.StringVar(&args.cafile, "cafile", "", "CA file to authenticate clients with certificates")
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
return args
|
return args
|
||||||
}
|
}
|
||||||
|
@ -74,7 +75,7 @@ func run() int {
|
||||||
|
|
||||||
mainLogger.Info("Starting proxy server...")
|
mainLogger.Info("Starting proxy server...")
|
||||||
if args.cert != "" {
|
if args.cert != "" {
|
||||||
cfg, err1 := makeServerTLSConfig(args.cert, args.key, "")
|
cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile)
|
||||||
if err1 != nil {
|
if err1 != nil {
|
||||||
mainLogger.Critical("TLS config construction failed: %v", err)
|
mainLogger.Critical("TLS config construction failed: %v", err)
|
||||||
return 3
|
return 3
|
||||||
|
|
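Review bot: Nothing at startup ties `-auth cert` to `-cert`/`-cafile`, so running with `-auth cert` over plain HTTP, or with TLS but no `-cafile`, yields a proxy that silently 403s every request because `VerifiedChains` can never be populated; a fail-fast check before the TLS block would surface the misconfiguration. Separately, the unchanged context line `mainLogger.Critical("TLS config construction failed: %v", err)` logs `err` although the failure is in `err1`, so the real TLS error (e.g. an unreadable CA file) is never printed — pre-existing, but this commit makes that path more likely to be hit; it should read `mainLogger.Critical("TLS config construction failed: %v", err1)`. run() starts and continues outside this hunk, so the exact placement of the new check (after flag parsing, before the TLS block) is inferred.
```go
	mainLogger.Info("Starting proxy server...")
	if args.auth == "cert" && (args.cert == "" || args.cafile == "") {
		mainLogger.Critical("-auth cert requires both -cert and -cafile")
		return 3
	}
	// … unchanged: TLS config construction …
```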